Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38362e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          yJ63ns+uy5OkuxXphsk4soJDW/P4jNZxDgA1HqxR2Vc=
Subject key identifier:   1A:69:4A:0C:46:B8:96:84:41:35:B1:EE:B0:B1:87:9A:60:AC:75:78
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       03253B441C779DAC17750973C78F1E1D484E7858
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 20 May 2024 10:11:19 +0000
ROA not before:           Mon 20 May 2024 10:06:19 +0000
ROA not after:            Mon 19 May 2025 10:11:19 +0000
asID:                     9009
IP address blocks:        213.139.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:25:3b:44:1c:77:9d:ac:17:75:09:73:c7:8f:1e:1d:48:4e:78:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 20 10:06:19 2024 GMT
            Not After : May 19 10:11:19 2025 GMT
        Subject: CN=1A694A0C46B896844135B1EEB0B1879A60AC7578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d3:3c:92:75:29:22:eb:79:30:15:64:2b:86:
                    80:ae:e0:5f:b4:51:3d:59:c4:14:e8:7b:fa:7d:4e:
                    ee:21:4e:87:b0:39:cb:61:9a:00:d1:52:fc:20:38:
                    04:e0:ba:98:30:53:28:1a:02:6e:ad:6e:54:3a:8c:
                    c1:29:f6:38:e2:38:85:ea:c9:eb:db:51:32:11:79:
                    04:21:f9:75:df:18:c3:93:50:e4:8a:f7:e9:84:98:
                    76:ba:3d:62:4d:f6:31:62:0b:42:7e:8a:12:47:7d:
                    e9:ca:59:72:32:e6:9b:48:56:68:9a:5a:05:39:c3:
                    e1:35:8d:db:36:9d:66:02:b1:92:ea:dd:b6:9c:66:
                    18:fe:65:97:87:6b:b0:17:e6:e5:61:6e:67:0c:5f:
                    24:d1:01:ba:58:7b:70:b1:4c:98:07:fc:02:34:0f:
                    b3:d6:8d:f8:42:00:1e:40:5b:66:ce:36:09:17:d8:
                    8f:1a:95:71:81:3d:f5:65:9d:09:4b:38:e2:ff:cb:
                    b3:ba:52:44:c0:ca:29:e9:3e:b3:19:1a:53:9e:5a:
                    81:a1:00:5f:45:ad:90:77:50:14:93:44:91:d8:01:
                    6b:b7:3b:8e:02:3d:2f:99:b9:43:a1:f1:e1:ec:34:
                    83:2a:7a:49:c9:5c:b4:f4:94:bd:34:86:25:f9:b7:
                    a6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:69:4A:0C:46:B8:96:84:41:35:B1:EE:B0:B1:87:9A:60:AC:75:78
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:82:7e:7d:a9:3f:f6:69:ee:00:39:f8:22:ae:29:53:4a:3d:
         eb:5b:83:22:d7:b9:6d:d2:2a:05:f7:09:4e:64:40:02:06:a9:
         be:9f:d5:94:cc:27:96:5f:94:bf:1a:37:6e:73:97:e2:77:7c:
         4a:03:c2:37:12:5d:05:62:7b:a9:6e:3f:5f:97:f0:2e:f9:4b:
         5a:eb:30:36:9b:63:34:0d:32:d6:7a:8f:e8:de:0b:82:7c:09:
         03:a8:7e:ad:86:58:2c:91:5a:a1:03:ff:14:73:5e:23:1a:fb:
         99:1b:81:77:f5:0d:f2:96:ff:01:66:3c:36:3d:94:27:87:9f:
         b9:9c:51:1b:4d:78:b9:a0:2f:48:b2:b1:b7:06:c8:0a:8b:34:
         5f:d7:80:e2:65:ce:47:f2:58:cf:18:8f:f4:1c:cb:93:db:d2:
         a2:02:8c:4d:f9:49:46:ec:c6:fa:6b:7a:f3:4b:f5:2b:47:0d:
         c5:99:d3:8f:24:05:a5:a8:35:7f:e9:ce:d8:19:20:de:2e:b7:
         63:05:e3:a1:22:91:27:18:26:40:a4:27:c3:a6:68:44:6e:44:
         33:f2:4d:75:97:b1:b8:78:6e:eb:cb:37:28:3d:70:92:cc:cf:
         fd:cb:19:0c:c2:c2:4d:bc:36:32:b5:51:5a:f2:a9:01:dc:37:
         17:2a:8e:90
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAyU7RBx3nawXdQlzx48eHUhOeFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MjAxMDA2MTlaFw0yNTA1MTkxMDExMTlaMDMxMTAvBgNV
BAMTKDFBNjk0QTBDNDZCODk2ODQ0MTM1QjFFRUIwQjE4NzlBNjBBQzc1NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+0zySdSki63kwFWQrhoCu4F+0
UT1ZxBToe/p9Tu4hToewOcthmgDRUvwgOATgupgwUygaAm6tblQ6jMEp9jjiOIXq
yevbUTIReQQh+XXfGMOTUOSK9+mEmHa6PWJN9jFiC0J+ihJHfenKWXIy5ptIVmia
WgU5w+E1jds2nWYCsZLq3bacZhj+ZZeHa7AX5uVhbmcMXyTRAbpYe3CxTJgH/AI0
D7PWjfhCAB5AW2bONgkX2I8alXGBPfVlnQlLOOL/y7O6UkTAyinpPrMZGlOeWoGh
AF9FrZB3UBSTRJHYAWu3O44CPS+ZuUOh8eHsNIMqeknJXLT0lL00hiX5t6ZZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGmlKDEa4loRBNbHusLGHmmCsdXgwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VjANBgkqhkiG9w0BAQsFAAOCAQEAMYJ+fak/9mnuADn4Iq4pU0o961uDIte5bdIq
BfcJTmRAAgapvp/VlMwnll+Uvxo3bnOX4nd8SgPCNxJdBWJ7qW4/X5fwLvlLWusw
NptjNA0y1nqP6N4LgnwJA6h+rYZYLJFaoQP/FHNeIxr7mRuBd/UN8pb/AWY8Nj2U
J4efuZxRG014uaAvSLKxtwbICos0X9eA4mXOR/JYzxiP9BzLk9vSogKMTflJRuzG
+mt680v1K0cNxZnTjyQFpag1f+nO2Bkg3i63YwXjoSKRJxgmQKQnw6ZoRG5EM/JN
dZexuHhu68s3KD1wkszP/csZDMLCTbw2MrVRWvKpAdw3FyqOkA==
-----END CERTIFICATE-----